An e-commerce shop is a specific type of website. Unlike a normal website, which mainly serves to inform customers about the company and its products, a shop involves the transfer of a large amount of user information. For this reason, penetration tests of shops have a broader scope than basic website tests.
What information and data should be particularly protected on an e-commerce site?
- User login data (logins and passwords)
- Personal data of customers
- Order history
- Invoices
Threats that can cause direct financial loss to the e-shop owner include:
- Price manipulation
- Fraudulent use of discount codes
- Temporary or total shop closure
- Swapping payment gateways
In addition to the elements of standard website and web application testing, the e-commerce penetration tests we carry out include:
- Verification of the purchasing process
- Analysis of the process involved in redeeming promotional coupons or other types of discounts
- Security tests of the ways in which personal data is stored (backups, servers and processes)
- Security analysis of integration with payment gateways
- Verification of the security of the CMS and its integration with the ERP system (if one exists)